Friday, June 29, 2012

Espionage malware campaign targets users of Windows and Macs


Researchers have detected a new espionage campaign that uses Mac- and Windows-based malware to snoop on Chinese dissidents.
Both pieces of malware target Uyghur activists, who have reportedly clashed with the Chinese government in the past. Both malicious programs connect to the same command and control channel—physically located in China—and allow the attackers to take control of infected machines. Researchers from antivirus provider Kaspersky Lab spotted the Mac version on Friday morning. A few hours later, researchers with security firm AlienVault uncovered Windows-based malware that is part of the same campaign.
More here:

Bombshell Wiretap Details Dropped on Holder
(From "Darrell Issa Puts Details of Secret Wiretap Applications in Congressional Record" By Jonathan Strong, Roll Call)
In the midst of a fiery floor debate over contempt proceedings for Attorney General Eric Holder, House Oversight and Government Reform Chairman Darrell Issa (R-Calif.) quietly dropped a bombshell letter into the Congressional Record.
The May 24 letter to Rep. Elijah Cummings (D-Md.), ranking member on the panel, quotes from and describes in detail a secret wiretap application that has become a point of debate in the GOP’s “Fast and Furious” gun-walking probe.
The wiretap applications are under court seal, and releasing such information to the public would ordinarily be illegal. But Issa appears to be protected by the Speech or Debate Clause in the Constitution, which offers immunity for Congressional speech, especially on a chamber’s floor.
According to the letter, the wiretap applications contained a startling amount of detail about the operation, which would have tipped off anyone who read them closely about what tactics were being used.
The wiretap applications were signed by senior DOJ officials in the department’s criminal division, including Deputy Assistant Attorney General Jason Weinstein, Deputy Assistant Attorney General Kenneth Blanco and another official who is now deceased.
More here:

Wednesday, June 27, 2012


American drones (unmanned aircraft) with heavy weaponry, being used for attacks against terrorists in Pakistan and Afghanistan, will be followed by micro air equipment based on flying insects.
Fear of the launch of these espionage devices began in 2007, with reports of strange flying devices that moved over the heads of anti-war protesters, who accused the U.S.A. of producing secret spying robotic insects.
Officials denied this. But now the “U.S. Air Force” has discovered insects that could take photographs, record and even attack without being detected by radar, so-called “deadly mini-drones.” They will be ready for use in 2015.
More here:

Sunday, June 24, 2012

Cyber Espionage: Malware Gets Snoopy

The world of malware has, over the last couple of decades, morphed to become not just a mechanism with which to subvert people's computers and steal money, but also a way for corporations and sovereign states to conduct cyber espionage.

An example of malware being used for industrial cyber espionage emerged two months ago with a worm, which had previously been quite rare, breaking out suddenly in Peru and neighboring countries.
This worm, specific to the electronic drafting software AutoCAD, is called ACAD/Medre.A and is written in AutoLISP, the language that is used to script operations in AutoCAD. ACAD/Medre.A has a very devious agenda: It e-mails copies of the drawings the user opens to over 40 mail boxes hosted at two different Chinese ISPs.
The antivirus firm ESET in San Diego was the first to detect the outbreak in Peru and noted that they could "see detections at specific URLs, which made it clear that a specific website supplied [an infected] AutoCAD template that appears to be the basis for this localized spike ... If it is assumed that companies which want to do business with [the company at the URL] have to use this template, it seems logical that the malware mainly shows up in Peru and neighboring countries. The same is true for larger companies with affiliated offices outside this area that have been asked to assist or to verify the – by then – infected project and then [infect] their own environment."
In other words, someone or some organization -- not necessarily in China -- planted the infected template. As a result they were able to swipe the drawings of all of the companies competing for some project, presumably to gain an edge in securing business.
More here:

Tuesday, June 19, 2012

Apple Secrets Leaked to Traders in Industrial Espionage Case

Industrial espionage never had that James Bond thrill. Instead of ballistic pens and machine gun-toting skiers, the cloak and dagger players in the corporate world rely on sales receipts and shipping info. 

However, oddly enough, just one of those forms could potentially net a profit that could put a nice down payment on a volcano lair.

That's presumably what 57-year-old Alnoor Ebrahim hoped for when he acquired secret info from Apple (AAPL) and RIM (RIMM) as part of an expert-network ring while working for AT&T (T). On Monday, the former employee pleaded guilty to selling inside information to traders who then went on to buy shares based on the intel, Reuters reported.

"I provided insider information concerning AT&T's sales of Apple's iPhone and RIM's BlackBerry products, as well as other handset devices sold through AT&T distribution channels," Ebrahim said in a Manhattan court.

Ebrahim admitted to one count of conspiracy to commit wire and securities fraud. After entering into a plea agreement with the defense, he could be sentenced to a maximum of two years in prison.

An AT&T spokesperson was quick to play damage control.

"We took this matter very seriously and cooperated fully with the authorities," AT&T spokesman Marty Richtman said. "The conduct alleged was clearly against our code of business conduct, and Mr. Ebrahim is no longer an AT&T employee."

More here:

Insect Spy Drones in Production

An insect spy drone is already in production according to various internet sources. This robotic insect can be controlled from a great distance and is equipped with a camera and a built-in microphone.

It has the capability to fly remotely and land on your skin, like a real mosquito, and use its super-micron sized needle to take your DNA sample. All you feel is the pain of a mosquito bite (without the burning sensation and the swelling, of course).
This device can also inject a micro RFID tracking device, right under your skin, without you feeling anything more than a small bite.
More here:

Chinese Spy Device in Hong Kong Cars: Apple Daily

Chinese authorities may be listening in on travelers' conversations in Hong Kong, with a device that's been installed on thousands of vehicles, according to Hong Kong's Apple Daily newspaper.

Authorities in Shenzhen have been installing "inspection and quarantine cards" on dual-plate Chinese and Hong Kong vehicles since 2007. They're apparently for tracking cars crossing the border. But Apple Daily says these devices are capable of much more. In fact, experts who examined the devices—taken apart by Apple Daily—say they can be used for eavesdropping, and can send signals up to 12 miles away.

Apple Daily says smugglers were the first to suspect these devices. They thought it was strange that border agents were able to precisely track down vehicles used for smuggling goods.

Shenzhen authorities denied the allegations, when Apple Daily approached them. But the claims have made travelers uneasy, especially those who discuss private business matters during their travels between Hong Kong and Mainland China.

Note: When was the last time you scheduled a TSCM Sweep? Contact me, I can help. ~JDL

Monday, June 18, 2012

Proving The Value Of Security To The C-Suite

When some of the top CSOs and CISOs in northern California’s Silicon Valley congregated this past week at Yahoo corporate headquarters in Sunnyvale, it was business not technology that permeated the security and risk discussions amongst peers.
This gathering of top security, IT and risk executives at the Global Security Operations 2015 (GSO 2015) conference is a unique creation of security industry consultants Ray Bernard and James Conner, whose vision reaches beyond what to buy, instead to why it should be bought. The pair of veteran practitioners, along with other experts over the two-day event, stressed that the job of security is giving management enough tools to understand the risks so they can make the right decisions. Management owns the risk – not security.
The conference kicked off with Yahoo’s director of corporate security and safety, Greg Jodry, who joined the team after stints at several large companies, including Microsoft where he worked directly with founder and CEO Bill Gates. Here at Yahoo he has built the corporate security and crisis management team from the ground up. It now serves more than 14,000 employees worldwide, with more than 70 brick and mortar locations in 35 countries.
More here:

Sunday, June 17, 2012

Man caught spying in mall women's restroom


A 20-year-old man faces charges for spying on women in a restroom at Perimeter Mall.

Dunwoody police said Ricky Summers snuck into a restroom at the Dunwoody mall to violate women.

"It's sick is what it is and somebody like that has to be sick to do something like that," shopper Debbie Pritchett told Channel 2's Erica Byfield.

Police said Summers recently hid out in a stall inside one women's restroom at Macy's, and when he thought the coast was clear, he'd pull his phone out to snap photos and shoot videos of women next to him.

They believe Summers went in the same restroom three times before getting caught.

"It was very, very creepy and it was very, very wrong and I'm sorry to the women that it happened," another shopper, Tanisha Scott, said.

More here:

Wednesday, June 6, 2012

LinkedIn’s Leaky Mobile App Has Access to Your Meeting Notes

LinkedIn mobile app subscribers may be surprised to learn that the calendar entries on their iPhones or iPads—which may include details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes—are transmitted back to LinkedIn’s servers without their knowledge.

Mobile security researchers will present those findings at a security workshop at Tel Aviv University on Wednesday. The researchers, Yair Amit and Adi Sharabani, discovered that LinkedIn’s mobile app for iOS, Apple’s mobile operating system, included an opt-in feature that allows users to view their iOS calendar entries within the app. Once users opt in to that feature, however, LinkedIn automatically transmits their calendar entries to its servers. LinkedIn grabs details for every calendar on the iOS device, which may include both personal and corporate calendar entries.

That practice, which is not communicated to users, may violate Apple’s privacy guidelines, which expressly prohibit any app from transmitting users’ data without their permission. A similar practice came to light earlier this year when a developer noticed that Path, the popular mobile social network, was uploading entire address books to its servers without users’ knowledge. That practice came under scrutiny by members of Congress. In response, Path said it would stop the practice and destroy the data it had collected.

More here:

Tuesday, June 5, 2012

Survey: Data breaches affecting customer relations

What harm can a data breach do? Not much, provided you don’t care about retaining a relationship with your patients or health plan members.

But if amicable customer relations are important to your organization, breaches can be a nasty problem, according to a Traverse City, Mich.,-based researcher. Now that 47 states and the federal government have enacted breach notification laws, there is a growing awareness among the general population about data breaches, according to a recently released consumer survey by the Ponemon Institute, which had a 2005 survey for comparison. 

In that earlier survey, 12% of respondents indicated they had been contacted about a breach involving their personal information. In the recent survey, that number more than doubled to 25% (708 who said they had experienced a breach out of 2,832 respondents to the Web-based survey.)

The survey, sponsored by Experian, the credit bureau that sells identity theft protection services, broadly assessed consumer attitudes and experiences about breaches across an array of industries, healthcare information breaches included. 

Ten percent of those who had experienced a breach of their records said their medical and healthcare records were lost or stolen, with 5% saying the breach involved their health plan provider account numbers and 3% their prescriptions. Eight percent said they had received breach notices from hospitals or clinics, 2% from an insurance company and 9% from a state or local government agency.

Just 35% of respondents who reported having experienced a breach indicated it was only one. Another 30% had been through two breaches, 14% three and 7% four, 5% five and 9% more than five.

More here:

The Flame Cyber Espionage Attack: Five Questions We Should Ask

Last week, Kaspersky Lab announced the discovery of Flame, a malicious program with “complexity and functionality...exceed[ing] those of all other cyber menaces known to date.” Once installed on a computer, Flame conducts espionage using a bag of tricks including screen shots, recording of audio conversations, and network traffic monitoring. It is believed by some experts to be the work of a nation state, and has primarily been targeting systems in the Middle East. As a Kaspersky Lab representative explained in a Q&A, there “doesn’t seem to be any visible pattern re the kind of organizations targeted by Flame. Victims range from individuals to certain state-related organizations or educational institutions.”
This has added fuel to the ongoing debate regarding a possible international treaty banning cyberweapons. It’s an important topic that deserves proper consideration. But the publicity around Flame furnishes an opportunity to consider other cybersecurity questions as well. Here, in particular, are five worth asking:
More here:

Monday, June 4, 2012

Cyber Spy Program Flame Compromises Key Microsoft Security System

The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.

In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.

Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.

More here: